Mr. Michael Johnson is the Chief Information Officer (CIO) for the U.S. Department of Energy (DOE), where he leads and manages cybersecurity, cyber (information sharing and safeguarding) enterprise integration, enterprise information resources management, cyber supply chain risk management, and DOE-HQ information technology (IT) operations. This includes DOE leadership, management, and oversight serving as DOE’s Senior Agency Official for Privacy, Senior Agency Official for Records Management, Senior Agency Official for Information Sharing and Safeguarding to include DOE coordination of National Security Systems, and Senior Agency Official for Spectrum Management. Mr. Johnson is the DOE representative to the White House National Security Council Cyber Response Group (CRG), the Cyber Interagency Policy Committee (IPC), the Federal CIO Council, the Federal Privacy Council, and he serves as the co-chair of the Committee on National Security Systems (CNSS).
Accountable to the Secretary and Deputy Secretary, Mr. Johnson leads Department-wide cyber efforts, including cybersecurity strategy, policy, and operations. He has instituted a cyber distributed, shared risk management framework that integrates cyber operations coordination, cyber intelligence, and cyber incident response. Mr. Johnson is leading the development of an integrated, DOE enterprise-wide automated cyber information sharing and advanced threat analytics capability to ensure real-time enterprise cyber situational awareness and incident response. DOE is advancing cyber hardening by implementing information resources management best practices and modernization initiatives, to include systematic tracking of assets, continuous software updates, and strategic technology refresh such as deploying infrastructure-as-a-service. Under Mr. Johnson’s leadership, DOE is reducing cyber risk by strengthening cybersecurity fundamentals to include strong multifactor authentication, network and privileged user access segmentation, advanced continuous monitoring, and automated vulnerability identification. Recognizing that cyber research and development (R&D) is critical to outpacing our adversaries, Mr. Johnson is engaging the National Laboratories to franchise the world-class cyber R&D performed by these institutions to the benefit of the broader DOE enterprise and the U.S. interagency, to include advanced continuous monitoring, automated cyber threat analysis and risk modeling, and efficient security and privacy architectures.
Mr. Johnson has more than 25 years of management, policy, and operational experience, with deep expertise in cybersecurity, information sharing and safeguarding, intelligence, and national continuity policy. Prior to joining DOE, Mr. Johnson served as the Assistant Director for Intelligence Programs and National Security Systems in the White House Office of Science and Technology Policy. He has held positions at the Department of Homeland Security, where he served as the Chief Scientist within the Office of Intelligence and Analysis, and he was appointed the first Deputy Associate Director of National Intelligence for Information Sharing and Deputy, Intelligence Community Information Sharing Executive in the Office of the Director of National Intelligence. Previously, Mr. Johnson managed national security systems analysis, and served as senior scientist, computer engineer, and intelligence analyst at Sandia National Laboratories. Mr. Johnson has a B.S. in Computer Engineering and an M.S. in Computer Science, with specialization in parallel and distributed simulation, embedded systems, and network protocol design.